A gun shooting smoke is surrounded by USB sticks that resemble bullets arranged over a map of the world made up of dots and lines, symbolizing the spread of digital crime
Cybercrime is becoming the mafia’s newest racket

Think:Act magazine "On being human"
Cybercrime is becoming the mafia’s newest racket

Portrait of Think:Act Magazine

Think:Act Magazine

Munich Office, Central Europe
December 5, 2018

The cyber mafia is growing and bringing a new level of organization to digital and internet crime


by Misha Glenny
photos by Ragnar Schmuck

The mafia has joined big business in setting up shop online – and they're enlisting cybersmart engineers to execute everything from supply chains and distribution to disabling its competitors, on both sides of the law.

Late 2012: Office workers at MSC, a Swiss Shipping Company, reported to their IT department that the computers at their offices in the port of Antwerp were running consistently slow. What they found were tiny computers known as pwnies (pronounced pony) packed into memory sticks and sitting on several of the workstations. Their systems had been hacked. The Belgian police were called in and quickly realized what was going on: Tech wizards had been using this access to steal information that enabled them to track specific containers and gain access to restricted areas of the port. As soon as the containers were ready for collection, members of a traditional organized crime syndicate sent in their trucks to drive them away.

Playing cards, loose keyboard buttons and gold coins with the Bitcoin logo scatter upwards and are reflected in a high-gloss table on which a pile of white powder sits next to diamonds, symbolizing the spread of digital crime
Hackers who engage in illegal activities are known as "black hats", ethical hackers as "white hats", and those in the middle as "grey hats".

It was the most dramatic example that law enforcement had ever seen of the fusion of two types of crime: a traditional mafia operation and criminal hackers. As the case went through the Belgian courts, the then director of Europol, Rob Wainwright, noted that "we now have effectively a service-oriented industry where organized crime groups are paying for specialist hacking skills that they can acquire online and are using to do their everyday business. "So concerned were Wainwright and Europol, they set up a specialist unit, EC3. At first the unit focused on establishing Europe-wide strategies for dealing with cybercrime. Later it began training and integrating other departments, notably anti-narcotics and people smuggling.

This culminated last year in an entire program to counter what Wainwright dubbed "the digitalization of organized crime." Europol quickly discovered it was not alone. Researchers into the illegal trafficking of rhino horn, ivory and pangolins from South Africa to Vietnam discovered that crime gangs were using the internet and messaging services to send the contraband via circuitous routes – Latin America, the Czech Republic and Ukraine – to evade detection.

30,000 people are already members of the PCC, a rapidly growing organization that draws new recruits every day.

The Brazilian and Soviet connections

Meanwhile in Brazil, the authorities had been struggling for several years with the growing power of a single criminal syndicate, the Primeiro Comando da Capital (PCC), São Paulo's mafia corporation. Mobile and then smart phones had transformed the ability of the PCC's council, the General Syndicate, to direct the organization's operation from within their prison cells. The PCC's leadership used its newfound communications ability to expand its operations beyond São Paulo. Today, just 10 years later, it is the major criminal presence not just in Brazil's 27 states but in Paraguay, Bolivia and, increasingly, in southern Colombia as well. But this was nothing compared to what prosecutors in São Paulo discovered after police had seized two laptops belonging to senior PCC members. Laid out on Excel spreadsheets was the entire cocaine distribution network for the metropolitan area. The document detailed how the PCC's franchise operation worked down to the smallest retailer. There was even a column identifying the punishment for individuals if they backtracked on their commitment or were suspected of embezzlement. They ranged from simple fines to execution. The final column confirmed whether the punishment had already been carried out and by which local branch.

Two epoch-changing events precipitated global organized crime representing a serious security threat. The first and less immediately obvious cause was the lifting of capital controls on financial and current accounts in 1986 by UK Prime Minister Margaret Thatcher and US President Ronald Reagan. The importance of the "big bang," as it was called, only started to become clear after the second event: the collapse of Communism in Eastern Europe and the Soviet Union. The former Soviet countries had no institutional ability to regulate the new capitalism which had been emerging among market traders since Gorbachev's reforms allowing limited private enterprise in 1988. With no commercial courts or arbitration system, the new businessmen employed what the Russian sociologist, Vadim Volkov, dubbed "privatized law enforcement agencies," or "the mafia."

Globalization of organized crime

The mafia groups soon discovered that they could enter into markets too and that, with the state in disarray, they could trade as easily in illegally farmed caviar, young women trafficked for sexual purposes or drugs. Around the same time, the new power of mobile capital was also opening up other markets around the world: India, Brazil, South Africa and even China. The rapid transformation placed strains on these countries' ability to maintain law and order. Before long, Russian groups were linking up with the Japanese Yakuza, the Colombian cartels, the various Italian mafias – including the Camorra and the 'Ndrangheta – not to mention Bulgarian, Moroccan, Vietnamese and Chinese syndicates.

A stolen card number cost $30 on carderplanet.com, including the owner's name, social security number, mother's maiden name and address.

Industrial-scale cybercrime also began its ascent in the former Soviet Union – quite specifically in Odessa, Ukraine. A group of unemployed hackers in their teens and twenties created a website, carderplanet.com, which revolutionized cybercrime on the web. The Ukrainians set up an escrow system for the 7,000 or so members who used the site as a market for stolen credit card data and computer viruses. This enabled criminals to enter into transactions securely. It also created trusted networks among criminals which operate to this day. Elsewhere other unemployed Russians, Bulgarians, Ukrainians and Romanians with their excellent maths and physics education from the Soviet period began to make money from the gaping vulnerabilities in the emerging e-commerce culture of the United States and Western Europe. The BRIC countries proved to be fertile breeding grounds for cybercriminal activity. Brazil, with its large Lusophone and Hispanic reach, quickly developed one of the largest cybercriminal markets. Cybercrime was revolutionary – huge profits were possible using theft and extortion.

A pair of dark aviator sunglasses hangs from a curtain of internet cables with a gun and burning cigar in the background, symbolizing organized crime’s move to internet crime
The darknet is the internet's underworld. Largely anonymous and driven by cryptocurrencies like Bitcoin, Europol estimates that two-thirds of the illegal darknet offers are drug-related, with one-third related to other illicit goods and services.
DDoS stands for "distributed denial of service." During such an attack, multiple unique IPs send repeated requests to a server, causing it to overload.

Disrupting the mafia's business model

Almost every traditional criminal market is now being influenced by the disruptive capacity of the internet. The drug trade is moving from the streets and onto the darknet. The statistics show something else, as well: Europe's and America's drug consumers are moving away from organic products originating in Bolivia or Afghanistan and increasingly enjoy synthetic drugs, manufactured not in the developing world, but in Holland, Canada, Bulgaria or Israel. That shift in production puts an immense additional strain on law enforcement agencies. There are many reasons why the legalization of certain drugs is a live political issue. The fact that the police are finding it hard to cope with the volume of drugs now circulating in Europe is not often articulated but it is very important. In one respect, we should welcome the shift in criminal behavior away from activity based on violent coercion. But as we grow ever more critically dependent on networked systems, the consequences of the potential threat from cybercrime and other forms of digital malfeasance grow exponentially.

In October 2016, an unknown group of criminals launched a massive DDoS assault on the servers of Dyn, an American company which is vital for the smooth functioning of the internet. The attack led to large parts of the internet on the American East Coast going down for several hours. Three things were special about this attack. It was some 40 times more powerful than any previous DDoS attack ever recorded. Secondly, the original code written by a student at Rutgers University who mistakenly released it "into the wild" had been carefully rewritten to increase its power and targeting ability. And thirdly, it derived its immense power by taking control of millions of devices around the world linked to the so-called internet of things. The obsession with growth on the internet has left security far behind. Without a fundamental shift in thinking as to how one protects networked systems, we run immense social and economic risks.

As the fusion between traditional organized crime and cybercrime proceeds, the structure of cybercriminal groups has assumed the hierarchies usually associated with its real-life counterpart. The days of the script kiddies, those mischief-making 15-year-olds bombing your computer with viruses, are over. Now cybercriminals have a boss and a council who are making decisions, a coding and malware department, a social engineering department, a finance department and then an army of foot soldiers responsible for laundering the money.

Both groups have learned a lot from this transitional period. Austerity in Europe has created a significant problem for governments and security policy. Like other parts of the world except the US, Europe suffers a dearth of cybersecurity professionals. Very few are prepared to devote themselves to public service, like law enforcement, when they can earn five or 10 times as much in the private sector. The future of policing will be primarily online. But one thing's for sure: The criminals are way ahead in seeing what the digital future can offer.

Portrait of Misha Glenny
Misha Glenny
Misha Glenny is an award-winning journalist and historian and the author of “McMafia: Seriously Organised Crime” which was recently broadcast as a TV drama by the BBC. He has taught at Columbia University as well as the London School of Economics and will be a visiting professor at University College London. His latest book is ” Nemesis: One Man and the Battle for Rio".
Further reading
Our Think:Act magazine
blue background
Think:Act Edition

On being human


In this issue of Think:Act magazine we examine in detail what it means to be human in our complex and fast changing world now and in the days to come.

Published November 2018. Available in
Subscribe to newsletter

Curious about the contents of our newest Think:Act magazine? Receive your very own copy by signing up now! Subscribe here to receive our Think:Act magazine and the latest news from Roland Berger.

Portrait of Think:Act Magazine

Think:Act Magazine

Munich Office, Central Europe